On 4/22/2010 22:00, Owen DeLong wrote:
>
> On Apr 22, 2010, at 5:55 AM, Jim Burwell wrote:
>
>> On 4/22/2010 05:34, Simon Perreault wrote:
>>> On 2010-04-22 07:18, William Herrin wrote:
>>>> On the other hand, I could swear I've seen a draft where the
>>>> PC picks up random unused addresses in the lower 64 for each
>>>> new outbound connection for anonymity purposes.
>>>
>>> That's probably RFC 4941. It's available in pretty much all
>>> operating systems. I don't think there's any IPR issue to be
>>> afraid of.
>>>
>>> Simon
>> I think this is different. They're talking about using a new
>> IPv6 for each connection. RFC4941 just changes it over time
>> IIRC. IMHO that's still pretty good privacy, at least on par
>> with a NATed IPv4 from the outside perspective, especially if you
>> rotated through temporary IPv6s fairly frequently.
>
> 4941 specified changing over time as one possibility. It does
> allow for per flow or any other host based determination of when it
> needs a new address.
>
> Owen

K. Can't say I've read the RFC all the way through (skimmed it).
Current implementations do the time thing. XP, Vista, and 7 seem to
have it turned on by default. *nix has support via the
"net.ipv6.conf.all.use_tempaddr=2" variable, typically not on by
default.
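
A check for the setting named in the last message, as an added example that is not part of the thread: Linux keeps a `use_tempaddr` value for each interface next to the `all` entry, so the function below reads every one of them. The function name `audit_tempaddr` and its optional directory argument are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread: audit Linux use_tempaddr per interface.
# Kernel meaning of the value: <= 0 temporary addresses disabled,
# 1 generated but the public address is preferred, > 1 generated and preferred.

# audit_tempaddr [CONF_ROOT]
# Prints "<entry> <value> <status>" for every entry under CONF_ROOT and
# returns 1 if any entry other than "lo" is below 2.
# CONF_ROOT (an assumption of this example) defaults to the live /proc tree;
# passing a directory lets the check run against a copy.
audit_tempaddr() {
    _root="${1:-/proc/sys/net/ipv6/conf}"
    _bad=0
    for _dir in "$_root"/*/; do
        [ -r "${_dir}use_tempaddr" ] || continue
        _name=$(basename "$_dir")
        _val=$(cat "${_dir}use_tempaddr")
        if [ "$_name" = "lo" ]; then
            _status="skipped"          # loopback never needs a temporary address
        elif [ "$_val" -ge 2 ]; then
            _status="ok"
        elif [ "$_val" -eq 1 ]; then
            _status="weak"; _bad=1     # temporary address exists but is not preferred
        else
            _status="off"; _bad=1
        fi
        printf '%s %s %s\n' "$_name" "$_val" "$_status"
    done
    return "$_bad"
}

# Typical use on a host:
#   audit_tempaddr || echo "some interfaces do not prefer temporary addresses"
```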